Infosec bits for 2024 week 20
Maajied Moos | May 17, 2024, 2:35 p.m.
Cybersecurity News:
Cybersecurity in a Race to Unmask a New Wave of AI-Borne Deepfakes [https://www.darkreading.com/threat-intelligence/cybersecurity-in-a-race-to-unmask-a-new-wave-of-ai-borne-deepfakes, Dark Reading]
Why Tokens Are Like Gold for Opportunistic Threat Actors [John A. Smith, Dark Reading]
Log4Shell shows no sign of fading, spotted in 30% of CVE exploits [Help Net Security, Help Net Security]
Vulnerabilities & Patches:
Google fixes fifth Chrome zero-day exploited in attacks this year [Bill Toulas, Bleeping Computer]
CISA Adds One Known Exploited Vulnerability to Catalog [CISA, CISA]
Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS [Ryan Naraine, Security Week]
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws [Lawrence Abrams, Bleeping Computer]
New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation [Newsroom, The Hacker News]
Adobe Patches Critical Flaws in Reader, Acrobat [Ryan Naraine, Security Week]
Flaw in Wi-Fi Standard Can Enable SSID Confusion Attacks [Jai Vijayan, Dark Reading]
Securing Git: Addressing 5 new vulnerabilities [Johannes SchindelinJohannes Schindelin, Git Hub]
Malware
As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide [Pierluigi Paganini, Security Affairs]
FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT [Newsroom, The Hacker News]
Malicious Go Binary Delivered via Steganography in PyPI [Phylum Research Team, Phylum]
‘Got that boomer!’: How cybercriminals steal one-time passcodes for SIM swap attacks and raiding bank accounts [Zack Whittaker, Tech Crunch]